Description
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does not enforce the same ACL as the main billing/claims workflow, so authenticated users without appropriate billing permissions can access this data. This vulnerability is fixed in 8.0.0.1.
Published: 2026-03-11
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access to sensitive claim data
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in OpenEMR allows authenticated users who lack formal billing or claims workflow permissions to retrieve billing claim metadata through a dedicated AJAX endpoint. Because the endpoint does not enforce the same access‑control lists (ACLs) as the main billing and claims interface, an attacker can gain read‑only visibility to claim IDs, payer information, and transmission logs. This represents an unauthorized data disclosure and is identified as a CWE‑862 "Missing Authorization in Sensitive Functionality" weakness. The impact is the loss of confidentiality for claim information, potentially exposing protected health information to non‑privileged users.

Affected Systems

The flaw exists in OpenEMR versions prior to 8.0.0.1. The affected product is OpenEMR from the vendor openemr. Any instance running a version earlier than 8.0.0.1 is vulnerable; upgrading to 8.0.0.1 or later secures the endpoint and restores proper ACL enforcement.

Risk and Exploitability

The CVSS score for this vulnerability is 4.3, indicating moderate severity. The EPSS score is below 1%, suggesting a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, further indicating limited known exploitation. Exploitation requires authentication: an attacker must already hold legitimate system credentials, but needs no billing privileges. The narrow scope of the exposed data and the need for legitimate authentication reduce the overall risk, yet the confidentiality breach remains a concern for healthcare compliance.

Generated by OpenCVE AI on March 17, 2026 at 16:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenEMR to version 8.0.0.1 or later

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 16:00:00 +0000

First Time appeared (added): Open-emr; Open-emr openemr
CPEs (added): cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*
Vendors & Products (added): Open-emr; Open-emr openemr

Thu, 12 Mar 2026 14:15:00 +0000

Metrics (added): ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 10:15:00 +0000

First Time appeared (added): Openemr; Openemr openemr
Vendors & Products (added): Openemr; Openemr openemr

Wed, 11 Mar 2026 21:15:00 +0000

Description (removed): OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, The Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does not enforce the same ACL as the main billing/claims workflow, so authenticated users without appropriate billing permissions can access this data. This vulnerability is fixed in 8.0.0.1.

Description (added): OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does not enforce the same ACL as the main billing/claims workflow, so authenticated users without appropriate billing permissions can access this data. This vulnerability is fixed in 8.0.0.1.

Wed, 11 Mar 2026 21:00:00 +0000

Description (added): OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, The Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does not enforce the same ACL as the main billing/claims workflow, so authenticated users without appropriate billing permissions can access this data. This vulnerability is fixed in 8.0.0.1.
Title (added): OpenEMR: Missing Authorization on Claim File Tracker UI and AJAX Endpoint (V2)
Weaknesses (added): CWE-862
References
Metrics (added): cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-12T14:09:01.436Z

Reserved: 2026-03-10T22:19:36.544Z

Link: CVE-2026-32122

Vulnrichment

Updated: 2026-03-12T14:08:56.411Z

NVD

Status: Analyzed

Published: 2026-03-11T21:16:17.997

Modified: 2026-03-13T15:48:07.257

Link: CVE-2026-32122

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:37:02Z

Weaknesses